<?

//	***************************************
//	SbSE login logic v0.9.5 / 2010.10.17
//	***************************************

if ($login = str_safe(trim(postdata('login')))) {		// something entered

	$pass = str_safe(trim(postdata('pass')));

	if ($user = datafetch('db_item', tb('auth'), "login='$login' AND pass='".pwd($pass, $login)."'")) {

		if ($user['attr'] & U_ENABLED) {

			$user['time'] = date("H:i");
			$user['settings'] = json_decode($user['settings'], true);
			if (!is_array($user['settings'])) $user['settings'] = array();
			
			create_session($user);

			if (USE_LOG4) {
				$log->warn(implode(" ", array(
					"login success",
					"ip:$DATA[ip]", 
					"user:$user[id]", 
					"name:$user[name]",
				)));
			}
			
		} else {

			$DATA['login_error'] = "Account is disabled";

			if (USE_LOG4) {
				$log->warn(implode(" ", array(
					"login failed (account is disabled)",
					"ip:$DATA[ip]", 
					"user:$user[id]", 
					"name:$user[name]",
				)));
			}

		}

	} else {

		$DATA['login_error'] = "Wrong login or password";
		// some diags for bad user/password

		if (USE_LOG4) {
			$log->warn(implode(" ", array(
				"login failed (bad credentials)",
				"ip:$DATA[ip]", 
				"name:$login",
			)));
		}
		
	}
		
}

